﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlClient;
using System.Data;
using System.Security;

namespace SSCCMembership.Web
{
    public static class SecurityTester
    {
        public static void AssertRoles(string Roles)
        {
            if (!ProcessFullString(Roles))
            {
                throw new SecurityException("User isn't in one of the allowed roles");
            }
        }
        public static bool TryAssertRoles(string Roles)
        {
            return ProcessFullString(Roles);
        }

        static bool ProcessFullString(string Value)
        {
            if (Value == "")
            {
                return true;
            }
            string[] Ands;
            if (Value.Contains("."))
            {
                Ands = Value.Split(new string[] { "." }, StringSplitOptions.RemoveEmptyEntries);
            }
            else
            {
                Ands = new string[] { Value };
            }
            return Ands.All(ProcessOrString);
        }
        static bool ProcessOrString(string Value)
        {
            string[] Ors;
            if (Value.Contains("+"))
            {
                Ors = Value.Split(new string[] { "+" }, StringSplitOptions.RemoveEmptyEntries);
            }
            else
            {
                Ors = new string[] { Value };
            }
            return Ors.Any(IsUserInRole);
        }
        static bool IsUserInRole(string Role)
        {
            if (Role.ToLower() == "true")
            {
                return true;
            }
            else if (Role.ToLower() == "false")
            {
                return false;
            }
            SSCCMembership.Web.Services.AbilitiesService AS = new Services.AbilitiesService();
            return AS.GetAbilities().Contains(Role);
        }


        public static void UserCanEditMember(int MemberID)
        {
            if (IsUserInRole("EditAnybody"))
                return;
            string UserName = HttpContext.Current.User.Identity.Name;

            using (var Q = SSCCDatabase.Query("SELECT SSCC_DAT_Family.UserID FROM SSCC_DAT_Family INNER JOIN SSCC_DAT_Member ON SSCC_DAT_Family.Member = SSCC_DAT_Member.ID WHERE (SSCC_DAT_Member.ID = @MemberID)",
                new SqlParameter("@MemberID", SqlDbType.Int), MemberID))
            {
                if (!Q.Select((R) => (string)R["UserID"]).Contains(UserName))
                    throw new SecurityException("This user does not have permission to edit this member");
            }
        }
        public static void UserCanEditMembership(int MembershipID)
        {
            if (IsUserInRole("EditAnybody"))
                return;

            string UserName = HttpContext.Current.User.Identity.Name;
            using (var Q = SSCCDatabase.Query("SELECT SSCC_DAT_Family.UserID FROM SSCC_DAT_Family INNER JOIN SSCC_DAT_Member ON SSCC_DAT_Family.Member = SSCC_DAT_Member.ID INNER JOIN SSCC_DAT_Membership ON SSCC_DAT_Member.ID = SSCC_DAT_Membership.Member WHERE (SSCC_DAT_Membership.ID = @MembershipID)",
                new SqlParameter("@MembershipID", SqlDbType.Int), MembershipID))
            {
                if (!Q.Select((R) => (string)R["UserID"]).Contains(UserName))
                    throw new SecurityException("This user does not have permission to edit this membership");
            }
        }
    }

}